Abstract: Bulk joining of computing devices to an identity service is performed in two parts. In the first part, a user of a token retrieval device provides credentials to an identity service, which verifies the credentials and provides to the token retrieval device a bulk token for joining the service. In the second part, the bulk token obtained from the identity service is provided to each computing device in a group of multiple computing devices that are to join the identity service. Each computing device in the group of computing devices communicates with the identity service to join the identity service using the bulk token. The bulk token can be provided to each of the multiple computing devices in the group as part of a provisioning package that includes additional configuration information to be used to configure the computing devices in the group.

Abstract: Authentication and authorization can be performed with a bundled token, which encapsulates two or more security tokens in a single security token. The bundled token can be supplied in response to a request for a token from a token service, for example. Subsequently, the bundled token can be sent in conjunction with a request for resource access, wherein more than one token is required to access the resource.

Abstract: Embodiments are directed to permitting client devices that connect remotely to an enterprise network to operate in a site-aware manner. In distributed file systems, files may be replicated in multiple places across a network. Embodiments are directed to providing requesting clients referrals (or paths) to replicas of desired information that are accessible by the requesting client with the least overall “cost” to the client and the network. The present systems and methods allow remote client devices to reliably identify a site with their referral requests so that the referring server(s) may provide site-aware referrals in response to the requests.